1use crate::{AgentTool, ToolCallEventStream, ToolInput};
2use agent_client_protocol::schema as acp;
3use anyhow::Result;
4use futures::{FutureExt as _, StreamExt};
5use gpui::{App, Entity, SharedString, Task};
6use language::{OffsetRangeExt, ParseStatus, Point};
7use project::{
8 Project, SearchResults, WorktreeSettings,
9 search::{SearchQuery, SearchResult},
10};
11use schemars::JsonSchema;
12use serde::{Deserialize, Serialize};
13use settings::Settings;
14use std::{cmp, fmt::Write, sync::Arc};
15use util::RangeExt;
16use util::markdown::MarkdownInlineCode;
17use util::paths::PathMatcher;
18
19/// Searches the contents of files in the project with a regular expression
20///
21/// - Prefer this tool to path search when searching for symbols in the project, because you won't need to guess what path it's in.
22/// - Supports full regex syntax (eg. "log.*Error", "function\\s+\\w+", etc.)
23/// - Pass an `include_pattern` if you know how to narrow your search on the files system
24/// - Never use this tool to search for paths. Only search file contents with this tool.
25/// - Use this tool when you need to find files containing specific patterns
26/// - Results are paginated with 20 matches per page. Use the optional 'offset' parameter to request subsequent pages.
27/// - DO NOT use HTML entities solely to escape characters in the tool parameters.
28#[derive(Debug, Serialize, Deserialize, JsonSchema)]
29pub struct GrepToolInput {
30 /// A regex pattern to search for in the entire project. Note that the regex will be parsed by the Rust `regex` crate.
31 ///
32 /// Do NOT specify a path here! This will only be matched against the code **content**.
33 pub regex: String,
34 /// A glob pattern for the paths of files to include in the search.
35 /// Supports standard glob patterns like "**/*.rs" or "frontend/src/**/*.ts".
36 /// If omitted, all files in the project will be searched.
37 ///
38 /// The glob pattern is matched against the full path including the project root directory.
39 ///
40 /// <example>
41 /// If the project has the following root directories:
42 ///
43 /// - /a/b/backend
44 /// - /c/d/frontend
45 ///
46 /// Use "backend/**/*.rs" to search only Rust files in the backend root directory.
47 /// Use "frontend/src/**/*.ts" to search TypeScript files only in the frontend root directory (sub-directory "src").
48 /// Use "**/*.rs" to search Rust files across all root directories.
49 /// </example>
50 pub include_pattern: Option<String>,
51 /// Optional starting position for paginated results (0-based).
52 /// When not provided, starts from the beginning.
53 #[serde(default)]
54 pub offset: u32,
55 /// Whether the regex is case-sensitive. Defaults to false (case-insensitive).
56 #[serde(default)]
57 pub case_sensitive: bool,
58}
59
60impl GrepToolInput {
61 /// Which page of search results this is.
62 pub fn page(&self) -> u32 {
63 1 + (self.offset / RESULTS_PER_PAGE)
64 }
65}
66
67const RESULTS_PER_PAGE: u32 = 20;
68
69pub struct GrepTool {
70 project: Entity<Project>,
71}
72
73impl GrepTool {
74 pub fn new(project: Entity<Project>) -> Self {
75 Self { project }
76 }
77}
78
79impl AgentTool for GrepTool {
80 type Input = GrepToolInput;
81 type Output = String;
82
83 const NAME: &'static str = "grep";
84
85 fn kind() -> acp::ToolKind {
86 acp::ToolKind::Search
87 }
88
89 fn initial_title(
90 &self,
91 input: Result<Self::Input, serde_json::Value>,
92 _cx: &mut App,
93 ) -> SharedString {
94 match input {
95 Ok(input) => {
96 let page = input.page();
97 let regex_str = MarkdownInlineCode(&input.regex);
98 let case_info = if input.case_sensitive {
99 " (case-sensitive)"
100 } else {
101 ""
102 };
103
104 if page > 1 {
105 format!("Get page {page} of search results for regex {regex_str}{case_info}")
106 } else {
107 format!("Search files for regex {regex_str}{case_info}")
108 }
109 }
110 Err(_) => "Search with regex".into(),
111 }
112 .into()
113 }
114
115 fn run(
116 self: Arc<Self>,
117 input: ToolInput<Self::Input>,
118 event_stream: ToolCallEventStream,
119 cx: &mut App,
120 ) -> Task<Result<Self::Output, Self::Output>> {
121 const CONTEXT_LINES: u32 = 2;
122 const MAX_ANCESTOR_LINES: u32 = 10;
123
124 let project = self.project.clone();
125 cx.spawn(async move |cx| {
126 let input = input
127 .recv()
128 .await
129 .map_err(|e| format!("Failed to receive tool input: {e}"))?;
130
131 let results = cx.update(|cx| {
132 let path_style = project.read(cx).path_style(cx);
133
134 let include_matcher = PathMatcher::new(
135 input
136 .include_pattern
137 .as_ref()
138 .into_iter()
139 .collect::<Vec<_>>(),
140 path_style,
141 )
142 .map_err(|error| format!("invalid include glob pattern: {error}"))?;
143
144 // Exclude global file_scan_exclusions and private_files settings
145 let exclude_matcher = {
146 let global_settings = WorktreeSettings::get_global(cx);
147 let exclude_patterns = global_settings
148 .file_scan_exclusions
149 .sources()
150 .chain(global_settings.private_files.sources());
151
152 PathMatcher::new(exclude_patterns, path_style)
153 .map_err(|error| format!("invalid exclude pattern: {error}"))?
154 };
155
156 let query = SearchQuery::regex(
157 &input.regex,
158 false,
159 input.case_sensitive,
160 false,
161 false,
162 include_matcher,
163 exclude_matcher,
164 true, // Always match file include pattern against *full project paths* that start with a project root.
165 None,
166 )
167 .map_err(|error| error.to_string())?;
168
169 Ok::<_, String>(
170 project.update(cx, |project, cx| project.search(query, cx)),
171 )
172 })?;
173
174 let project = project.downgrade();
175 // Keep the search alive for the duration of result iteration. Dropping this task is the
176 // cancellation mechanism; we intentionally do not detach it.
177 let SearchResults {rx, _task_handle} = results;
178 futures::pin_mut!(rx);
179
180 let mut output = String::new();
181 let mut skips_remaining = input.offset;
182 let mut matches_found = 0;
183 let mut has_more_matches = false;
184
185 'outer: loop {
186 let search_result = futures::select! {
187 result = rx.next().fuse() => result,
188 _ = event_stream.cancelled_by_user().fuse() => {
189 return Err("Search cancelled by user".to_string());
190 }
191 };
192
193 let (buffer, ranges) = match search_result {
194 Some(SearchResult::Buffer { buffer, ranges }) => (buffer, ranges),
195 Some(SearchResult::LimitReached) => {
196 has_more_matches = true;
197 break;
198 }
199 Some(SearchResult::WaitingForScan) => continue,
200 None => break,
201 };
202 if ranges.is_empty() {
203 continue;
204 }
205
206 let (Some(path), mut parse_status) = buffer.read_with(cx, |buffer, cx| {
207 (buffer.file().map(|file| file.full_path(cx)), buffer.parse_status())
208 }) else {
209 continue;
210 };
211
212 // Check if this file should be excluded based on its worktree settings
213 if let Ok(Some(project_path)) = project.read_with(cx, |project, cx| {
214 project.find_project_path(&path, cx)
215 }) {
216 if cx.update(|cx| {
217 let worktree_settings = WorktreeSettings::get(Some((&project_path).into()), cx);
218 worktree_settings.is_path_excluded(&project_path.path)
219 || worktree_settings.is_path_private(&project_path.path)
220 }) {
221 continue;
222 }
223 }
224
225 while *parse_status.borrow() != ParseStatus::Idle {
226 parse_status.changed().await.map_err(|e| e.to_string())?;
227 }
228
229 let snapshot = buffer.read_with(cx, |buffer, _cx| buffer.snapshot());
230
231 let mut ranges = ranges
232 .into_iter()
233 .map(|range| {
234 let matched = range.to_point(&snapshot);
235 let matched_end_line_len = snapshot.line_len(matched.end.row);
236 let full_lines = Point::new(matched.start.row, 0)..Point::new(matched.end.row, matched_end_line_len);
237 let symbols = snapshot.symbols_containing(matched.start, None);
238
239 if let Some(ancestor_node) = snapshot.syntax_ancestor(full_lines.clone()) {
240 let full_ancestor_range = ancestor_node.byte_range().to_point(&snapshot);
241 let end_row = full_ancestor_range.end.row.min(full_ancestor_range.start.row + MAX_ANCESTOR_LINES);
242 let end_col = snapshot.line_len(end_row);
243 let capped_ancestor_range = Point::new(full_ancestor_range.start.row, 0)..Point::new(end_row, end_col);
244
245 if capped_ancestor_range.contains_inclusive(&full_lines) {
246 return (capped_ancestor_range, Some(full_ancestor_range), symbols)
247 }
248 }
249
250 let mut matched = matched;
251 matched.start.column = 0;
252 matched.start.row =
253 matched.start.row.saturating_sub(CONTEXT_LINES);
254 matched.end.row = cmp::min(
255 snapshot.max_point().row,
256 matched.end.row + CONTEXT_LINES,
257 );
258 matched.end.column = snapshot.line_len(matched.end.row);
259
260 (matched, None, symbols)
261 })
262 .peekable();
263
264 let mut file_header_written = false;
265
266 while let Some((mut range, ancestor_range, parent_symbols)) = ranges.next(){
267 if skips_remaining > 0 {
268 skips_remaining -= 1;
269 continue;
270 }
271
272 // We'd already found a full page of matches, and we just found one more.
273 if matches_found >= RESULTS_PER_PAGE {
274 has_more_matches = true;
275 break 'outer;
276 }
277
278 while let Some((next_range, _, _)) = ranges.peek() {
279 if range.end.row >= next_range.start.row {
280 range.end = next_range.end;
281 ranges.next();
282 } else {
283 break;
284 }
285 }
286
287 if !file_header_written {
288 writeln!(output, "\n## Matches in {}", path.display())
289 .ok();
290 file_header_written = true;
291 }
292
293 let end_row = range.end.row;
294 output.push_str("\n### ");
295
296 for symbol in parent_symbols {
297 write!(output, "{} › ", symbol.text)
298 .ok();
299 }
300
301 if range.start.row == end_row {
302 writeln!(output, "L{}", range.start.row + 1)
303 .ok();
304 } else {
305 writeln!(output, "L{}-{}", range.start.row + 1, end_row + 1)
306 .ok();
307 }
308
309 output.push_str("```\n");
310 output.extend(snapshot.text_for_range(range));
311 output.push_str("\n```\n");
312
313 if let Some(ancestor_range) = ancestor_range
314 && end_row < ancestor_range.end.row {
315 let remaining_lines = ancestor_range.end.row - end_row;
316 writeln!(output, "\n{} lines remaining in ancestor node. Read the file to see all.", remaining_lines)
317 .ok();
318 }
319
320 matches_found += 1;
321 }
322 }
323
324 if matches_found == 0 {
325 Ok("No matches found".into())
326 } else if has_more_matches {
327 Ok(format!(
328 "Showing matches {}-{} (there were more matches found; use offset: {} to see next page):\n{output}",
329 input.offset + 1,
330 input.offset + matches_found,
331 input.offset + RESULTS_PER_PAGE,
332 ))
333 } else {
334 Ok(format!("Found {matches_found} matches:\n{output}"))
335 }
336 })
337 }
338}
339
340#[cfg(test)]
341mod tests {
342 use crate::ToolCallEventStream;
343
344 use super::*;
345 use gpui::{TestAppContext, UpdateGlobal};
346 use project::{FakeFs, Project};
347 use serde_json::json;
348 use settings::SettingsStore;
349 use unindent::Unindent;
350 use util::path;
351
352 #[gpui::test]
353 async fn test_grep_tool_with_include_pattern(cx: &mut TestAppContext) {
354 init_test(cx);
355 cx.executor().allow_parking();
356
357 let fs = FakeFs::new(cx.executor());
358 fs.insert_tree(
359 path!("/root"),
360 serde_json::json!({
361 "src": {
362 "main.rs": "fn main() {\n println!(\"Hello, world!\");\n}",
363 "utils": {
364 "helper.rs": "fn helper() {\n println!(\"I'm a helper!\");\n}",
365 },
366 },
367 "tests": {
368 "test_main.rs": "fn test_main() {\n assert!(true);\n}",
369 }
370 }),
371 )
372 .await;
373
374 let project = Project::test(fs.clone(), [path!("/root").as_ref()], cx).await;
375
376 // Test with include pattern for Rust files inside the root of the project
377 let input = GrepToolInput {
378 regex: "println".to_string(),
379 include_pattern: Some("root/**/*.rs".to_string()),
380 offset: 0,
381 case_sensitive: false,
382 };
383
384 let result = run_grep_tool(input, project.clone(), cx).await;
385 assert!(result.contains("main.rs"), "Should find matches in main.rs");
386 assert!(
387 result.contains("helper.rs"),
388 "Should find matches in helper.rs"
389 );
390 assert!(
391 !result.contains("test_main.rs"),
392 "Should not include test_main.rs even though it's a .rs file (because it doesn't have the pattern)"
393 );
394
395 // Test with include pattern for src directory only
396 let input = GrepToolInput {
397 regex: "fn".to_string(),
398 include_pattern: Some("root/**/src/**".to_string()),
399 offset: 0,
400 case_sensitive: false,
401 };
402
403 let result = run_grep_tool(input, project.clone(), cx).await;
404 assert!(
405 result.contains("main.rs"),
406 "Should find matches in src/main.rs"
407 );
408 assert!(
409 result.contains("helper.rs"),
410 "Should find matches in src/utils/helper.rs"
411 );
412 assert!(
413 !result.contains("test_main.rs"),
414 "Should not include test_main.rs as it's not in src directory"
415 );
416
417 // Test with empty include pattern (should default to all files)
418 let input = GrepToolInput {
419 regex: "fn".to_string(),
420 include_pattern: None,
421 offset: 0,
422 case_sensitive: false,
423 };
424
425 let result = run_grep_tool(input, project.clone(), cx).await;
426 assert!(result.contains("main.rs"), "Should find matches in main.rs");
427 assert!(
428 result.contains("helper.rs"),
429 "Should find matches in helper.rs"
430 );
431 assert!(
432 result.contains("test_main.rs"),
433 "Should include test_main.rs"
434 );
435 }
436
437 #[gpui::test]
438 async fn test_grep_tool_with_case_sensitivity(cx: &mut TestAppContext) {
439 init_test(cx);
440 cx.executor().allow_parking();
441
442 let fs = FakeFs::new(cx.executor());
443 fs.insert_tree(
444 path!("/root"),
445 serde_json::json!({
446 "case_test.txt": "This file has UPPERCASE and lowercase text.\nUPPERCASE patterns should match only with case_sensitive: true",
447 }),
448 )
449 .await;
450
451 let project = Project::test(fs.clone(), [path!("/root").as_ref()], cx).await;
452
453 // Test case-insensitive search (default)
454 let input = GrepToolInput {
455 regex: "uppercase".to_string(),
456 include_pattern: Some("**/*.txt".to_string()),
457 offset: 0,
458 case_sensitive: false,
459 };
460
461 let result = run_grep_tool(input, project.clone(), cx).await;
462 assert!(
463 result.contains("UPPERCASE"),
464 "Case-insensitive search should match uppercase"
465 );
466
467 // Test case-sensitive search
468 let input = GrepToolInput {
469 regex: "uppercase".to_string(),
470 include_pattern: Some("**/*.txt".to_string()),
471 offset: 0,
472 case_sensitive: true,
473 };
474
475 let result = run_grep_tool(input, project.clone(), cx).await;
476 assert!(
477 !result.contains("UPPERCASE"),
478 "Case-sensitive search should not match uppercase"
479 );
480
481 // Test case-sensitive search
482 let input = GrepToolInput {
483 regex: "LOWERCASE".to_string(),
484 include_pattern: Some("**/*.txt".to_string()),
485 offset: 0,
486 case_sensitive: true,
487 };
488
489 let result = run_grep_tool(input, project.clone(), cx).await;
490
491 assert!(
492 !result.contains("lowercase"),
493 "Case-sensitive search should match lowercase"
494 );
495
496 // Test case-sensitive search for lowercase pattern
497 let input = GrepToolInput {
498 regex: "lowercase".to_string(),
499 include_pattern: Some("**/*.txt".to_string()),
500 offset: 0,
501 case_sensitive: true,
502 };
503
504 let result = run_grep_tool(input, project.clone(), cx).await;
505 assert!(
506 result.contains("lowercase"),
507 "Case-sensitive search should match lowercase text"
508 );
509 }
510
511 /// Helper function to set up a syntax test environment
512 async fn setup_syntax_test(cx: &mut TestAppContext) -> Entity<Project> {
513 use unindent::Unindent;
514 init_test(cx);
515 cx.executor().allow_parking();
516
517 let fs = FakeFs::new(cx.executor());
518
519 // Create test file with syntax structures
520 fs.insert_tree(
521 path!("/root"),
522 serde_json::json!({
523 "test_syntax.rs": r#"
524 fn top_level_function() {
525 println!("This is at the top level");
526 }
527
528 mod feature_module {
529 pub mod nested_module {
530 pub fn nested_function(
531 first_arg: String,
532 second_arg: i32,
533 ) {
534 println!("Function in nested module");
535 println!("{first_arg}");
536 println!("{second_arg}");
537 }
538 }
539 }
540
541 struct MyStruct {
542 field1: String,
543 field2: i32,
544 }
545
546 impl MyStruct {
547 fn method_with_block() {
548 let condition = true;
549 if condition {
550 println!("Inside if block");
551 }
552 }
553
554 fn long_function() {
555 println!("Line 1");
556 println!("Line 2");
557 println!("Line 3");
558 println!("Line 4");
559 println!("Line 5");
560 println!("Line 6");
561 println!("Line 7");
562 println!("Line 8");
563 println!("Line 9");
564 println!("Line 10");
565 println!("Line 11");
566 println!("Line 12");
567 }
568 }
569
570 trait Processor {
571 fn process(&self, input: &str) -> String;
572 }
573
574 impl Processor for MyStruct {
575 fn process(&self, input: &str) -> String {
576 format!("Processed: {}", input)
577 }
578 }
579 "#.unindent().trim(),
580 }),
581 )
582 .await;
583
584 let project = Project::test(fs.clone(), [path!("/root").as_ref()], cx).await;
585
586 project.update(cx, |project, _cx| {
587 project.languages().add(language::rust_lang())
588 });
589
590 project
591 }
592
593 #[gpui::test]
594 async fn test_grep_top_level_function(cx: &mut TestAppContext) {
595 let project = setup_syntax_test(cx).await;
596
597 // Test: Line at the top level of the file
598 let input = GrepToolInput {
599 regex: "This is at the top level".to_string(),
600 include_pattern: Some("**/*.rs".to_string()),
601 offset: 0,
602 case_sensitive: false,
603 };
604
605 let result = run_grep_tool(input, project.clone(), cx).await;
606 let expected = r#"
607 Found 1 matches:
608
609 ## Matches in root/test_syntax.rs
610
611 ### fn top_level_function › L1-3
612 ```
613 fn top_level_function() {
614 println!("This is at the top level");
615 }
616 ```
617 "#
618 .unindent();
619 assert_eq!(result, expected);
620 }
621
622 #[gpui::test]
623 async fn test_grep_function_body(cx: &mut TestAppContext) {
624 let project = setup_syntax_test(cx).await;
625
626 // Test: Line inside a function body
627 let input = GrepToolInput {
628 regex: "Function in nested module".to_string(),
629 include_pattern: Some("**/*.rs".to_string()),
630 offset: 0,
631 case_sensitive: false,
632 };
633
634 let result = run_grep_tool(input, project.clone(), cx).await;
635 let expected = r#"
636 Found 1 matches:
637
638 ## Matches in root/test_syntax.rs
639
640 ### mod feature_module › pub mod nested_module › pub fn nested_function › L10-14
641 ```
642 ) {
643 println!("Function in nested module");
644 println!("{first_arg}");
645 println!("{second_arg}");
646 }
647 ```
648 "#
649 .unindent();
650 assert_eq!(result, expected);
651 }
652
653 #[gpui::test]
654 async fn test_grep_function_args_and_body(cx: &mut TestAppContext) {
655 let project = setup_syntax_test(cx).await;
656
657 // Test: Line with a function argument
658 let input = GrepToolInput {
659 regex: "second_arg".to_string(),
660 include_pattern: Some("**/*.rs".to_string()),
661 offset: 0,
662 case_sensitive: false,
663 };
664
665 let result = run_grep_tool(input, project.clone(), cx).await;
666 let expected = r#"
667 Found 1 matches:
668
669 ## Matches in root/test_syntax.rs
670
671 ### mod feature_module › pub mod nested_module › pub fn nested_function › L7-14
672 ```
673 pub fn nested_function(
674 first_arg: String,
675 second_arg: i32,
676 ) {
677 println!("Function in nested module");
678 println!("{first_arg}");
679 println!("{second_arg}");
680 }
681 ```
682 "#
683 .unindent();
684 assert_eq!(result, expected);
685 }
686
687 #[gpui::test]
688 async fn test_grep_if_block(cx: &mut TestAppContext) {
689 use unindent::Unindent;
690 let project = setup_syntax_test(cx).await;
691
692 // Test: Line inside an if block
693 let input = GrepToolInput {
694 regex: "Inside if block".to_string(),
695 include_pattern: Some("**/*.rs".to_string()),
696 offset: 0,
697 case_sensitive: false,
698 };
699
700 let result = run_grep_tool(input, project.clone(), cx).await;
701 let expected = r#"
702 Found 1 matches:
703
704 ## Matches in root/test_syntax.rs
705
706 ### impl MyStruct › fn method_with_block › L26-28
707 ```
708 if condition {
709 println!("Inside if block");
710 }
711 ```
712 "#
713 .unindent();
714 assert_eq!(result, expected);
715 }
716
717 #[gpui::test]
718 async fn test_grep_long_function_top(cx: &mut TestAppContext) {
719 use unindent::Unindent;
720 let project = setup_syntax_test(cx).await;
721
722 // Test: Line in the middle of a long function - should show message about remaining lines
723 let input = GrepToolInput {
724 regex: "Line 5".to_string(),
725 include_pattern: Some("**/*.rs".to_string()),
726 offset: 0,
727 case_sensitive: false,
728 };
729
730 let result = run_grep_tool(input, project.clone(), cx).await;
731 let expected = r#"
732 Found 1 matches:
733
734 ## Matches in root/test_syntax.rs
735
736 ### impl MyStruct › fn long_function › L31-41
737 ```
738 fn long_function() {
739 println!("Line 1");
740 println!("Line 2");
741 println!("Line 3");
742 println!("Line 4");
743 println!("Line 5");
744 println!("Line 6");
745 println!("Line 7");
746 println!("Line 8");
747 println!("Line 9");
748 println!("Line 10");
749 ```
750
751 3 lines remaining in ancestor node. Read the file to see all.
752 "#
753 .unindent();
754 assert_eq!(result, expected);
755 }
756
757 #[gpui::test]
758 async fn test_grep_long_function_bottom(cx: &mut TestAppContext) {
759 use unindent::Unindent;
760 let project = setup_syntax_test(cx).await;
761
762 // Test: Line in the long function
763 let input = GrepToolInput {
764 regex: "Line 12".to_string(),
765 include_pattern: Some("**/*.rs".to_string()),
766 offset: 0,
767 case_sensitive: false,
768 };
769
770 let result = run_grep_tool(input, project.clone(), cx).await;
771 let expected = r#"
772 Found 1 matches:
773
774 ## Matches in root/test_syntax.rs
775
776 ### impl MyStruct › fn long_function › L41-45
777 ```
778 println!("Line 10");
779 println!("Line 11");
780 println!("Line 12");
781 }
782 }
783 ```
784 "#
785 .unindent();
786 assert_eq!(result, expected);
787 }
788
789 async fn run_grep_tool(
790 input: GrepToolInput,
791 project: Entity<Project>,
792 cx: &mut TestAppContext,
793 ) -> String {
794 let tool = Arc::new(GrepTool { project });
795 let task = cx.update(|cx| {
796 tool.run(
797 ToolInput::resolved(input),
798 ToolCallEventStream::test().0,
799 cx,
800 )
801 });
802
803 match task.await {
804 Ok(result) => {
805 if cfg!(windows) {
806 result.replace("root\\", "root/")
807 } else {
808 result
809 }
810 }
811 Err(e) => panic!("Failed to run grep tool: {}", e),
812 }
813 }
814
815 fn init_test(cx: &mut TestAppContext) {
816 cx.update(|cx| {
817 let settings_store = SettingsStore::test(cx);
818 cx.set_global(settings_store);
819 });
820 }
821
822 #[gpui::test]
823 async fn test_grep_security_boundaries(cx: &mut TestAppContext) {
824 init_test(cx);
825
826 let fs = FakeFs::new(cx.executor());
827
828 fs.insert_tree(
829 path!("/"),
830 json!({
831 "project_root": {
832 "allowed_file.rs": "fn main() { println!(\"This file is in the project\"); }",
833 ".mysecrets": "SECRET_KEY=abc123\nfn secret() { /* private */ }",
834 ".secretdir": {
835 "config": "fn special_configuration() { /* excluded */ }"
836 },
837 ".mymetadata": "fn custom_metadata() { /* excluded */ }",
838 "subdir": {
839 "normal_file.rs": "fn normal_file_content() { /* Normal */ }",
840 "special.privatekey": "fn private_key_content() { /* private */ }",
841 "data.mysensitive": "fn sensitive_data() { /* private */ }"
842 }
843 },
844 "outside_project": {
845 "sensitive_file.rs": "fn outside_function() { /* This file is outside the project */ }"
846 }
847 }),
848 )
849 .await;
850
851 cx.update(|cx| {
852 use gpui::UpdateGlobal;
853 use settings::SettingsStore;
854 SettingsStore::update_global(cx, |store, cx| {
855 store.update_user_settings(cx, |settings| {
856 settings.project.worktree.file_scan_exclusions = Some(vec![
857 "**/.secretdir".to_string(),
858 "**/.mymetadata".to_string(),
859 ]);
860 settings.project.worktree.private_files = Some(
861 vec![
862 "**/.mysecrets".to_string(),
863 "**/*.privatekey".to_string(),
864 "**/*.mysensitive".to_string(),
865 ]
866 .into(),
867 );
868 });
869 });
870 });
871
872 let project = Project::test(fs.clone(), [path!("/project_root").as_ref()], cx).await;
873
874 // Searching for files outside the project worktree should return no results
875 let result = run_grep_tool(
876 GrepToolInput {
877 regex: "outside_function".to_string(),
878 include_pattern: None,
879 offset: 0,
880 case_sensitive: false,
881 },
882 project.clone(),
883 cx,
884 )
885 .await;
886 let paths = extract_paths_from_results(&result);
887 assert!(
888 paths.is_empty(),
889 "grep_tool should not find files outside the project worktree"
890 );
891
892 // Searching within the project should succeed
893 let result = run_grep_tool(
894 GrepToolInput {
895 regex: "main".to_string(),
896 include_pattern: None,
897 offset: 0,
898 case_sensitive: false,
899 },
900 project.clone(),
901 cx,
902 )
903 .await;
904 let paths = extract_paths_from_results(&result);
905 assert!(
906 paths.iter().any(|p| p.contains("allowed_file.rs")),
907 "grep_tool should be able to search files inside worktrees"
908 );
909
910 // Searching files that match file_scan_exclusions should return no results
911 let result = run_grep_tool(
912 GrepToolInput {
913 regex: "special_configuration".to_string(),
914 include_pattern: None,
915 offset: 0,
916 case_sensitive: false,
917 },
918 project.clone(),
919 cx,
920 )
921 .await;
922 let paths = extract_paths_from_results(&result);
923 assert!(
924 paths.is_empty(),
925 "grep_tool should not search files in .secretdir (file_scan_exclusions)"
926 );
927
928 let result = run_grep_tool(
929 GrepToolInput {
930 regex: "custom_metadata".to_string(),
931 include_pattern: None,
932 offset: 0,
933 case_sensitive: false,
934 },
935 project.clone(),
936 cx,
937 )
938 .await;
939 let paths = extract_paths_from_results(&result);
940 assert!(
941 paths.is_empty(),
942 "grep_tool should not search .mymetadata files (file_scan_exclusions)"
943 );
944
945 // Searching private files should return no results
946 let result = run_grep_tool(
947 GrepToolInput {
948 regex: "SECRET_KEY".to_string(),
949 include_pattern: None,
950 offset: 0,
951 case_sensitive: false,
952 },
953 project.clone(),
954 cx,
955 )
956 .await;
957 let paths = extract_paths_from_results(&result);
958 assert!(
959 paths.is_empty(),
960 "grep_tool should not search .mysecrets (private_files)"
961 );
962
963 let result = run_grep_tool(
964 GrepToolInput {
965 regex: "private_key_content".to_string(),
966 include_pattern: None,
967 offset: 0,
968 case_sensitive: false,
969 },
970 project.clone(),
971 cx,
972 )
973 .await;
974 let paths = extract_paths_from_results(&result);
975
976 assert!(
977 paths.is_empty(),
978 "grep_tool should not search .privatekey files (private_files)"
979 );
980
981 let result = run_grep_tool(
982 GrepToolInput {
983 regex: "sensitive_data".to_string(),
984 include_pattern: None,
985 offset: 0,
986 case_sensitive: false,
987 },
988 project.clone(),
989 cx,
990 )
991 .await;
992 let paths = extract_paths_from_results(&result);
993 assert!(
994 paths.is_empty(),
995 "grep_tool should not search .mysensitive files (private_files)"
996 );
997
998 // Searching a normal file should still work, even with private_files configured
999 let result = run_grep_tool(
1000 GrepToolInput {
1001 regex: "normal_file_content".to_string(),
1002 include_pattern: None,
1003 offset: 0,
1004 case_sensitive: false,
1005 },
1006 project.clone(),
1007 cx,
1008 )
1009 .await;
1010 let paths = extract_paths_from_results(&result);
1011 assert!(
1012 paths.iter().any(|p| p.contains("normal_file.rs")),
1013 "Should be able to search normal files"
1014 );
1015
1016 // Path traversal attempts with .. in include_pattern should not escape project
1017 let result = run_grep_tool(
1018 GrepToolInput {
1019 regex: "outside_function".to_string(),
1020 include_pattern: Some("../outside_project/**/*.rs".to_string()),
1021 offset: 0,
1022 case_sensitive: false,
1023 },
1024 project.clone(),
1025 cx,
1026 )
1027 .await;
1028 let paths = extract_paths_from_results(&result);
1029 assert!(
1030 paths.is_empty(),
1031 "grep_tool should not allow escaping project boundaries with relative paths"
1032 );
1033 }
1034
1035 #[gpui::test]
1036 async fn test_grep_with_multiple_worktree_settings(cx: &mut TestAppContext) {
1037 init_test(cx);
1038
1039 let fs = FakeFs::new(cx.executor());
1040
1041 // Create first worktree with its own private files
1042 fs.insert_tree(
1043 path!("/worktree1"),
1044 json!({
1045 ".zed": {
1046 "settings.json": r#"{
1047 "file_scan_exclusions": ["**/fixture.*"],
1048 "private_files": ["**/secret.rs"]
1049 }"#
1050 },
1051 "src": {
1052 "main.rs": "fn main() { let secret_key = \"hidden\"; }",
1053 "secret.rs": "const API_KEY: &str = \"secret_value\";",
1054 "utils.rs": "pub fn get_config() -> String { \"config\".to_string() }"
1055 },
1056 "tests": {
1057 "test.rs": "fn test_secret() { assert!(true); }",
1058 "fixture.sql": "SELECT * FROM secret_table;"
1059 }
1060 }),
1061 )
1062 .await;
1063
1064 // Create second worktree with different private files
1065 fs.insert_tree(
1066 path!("/worktree2"),
1067 json!({
1068 ".zed": {
1069 "settings.json": r#"{
1070 "file_scan_exclusions": ["**/internal.*"],
1071 "private_files": ["**/private.js", "**/data.json"]
1072 }"#
1073 },
1074 "lib": {
1075 "public.js": "export function getSecret() { return 'public'; }",
1076 "private.js": "const SECRET_KEY = \"private_value\";",
1077 "data.json": "{\"secret_data\": \"hidden\"}"
1078 },
1079 "docs": {
1080 "README.md": "# Documentation with secret info",
1081 "internal.md": "Internal secret documentation"
1082 }
1083 }),
1084 )
1085 .await;
1086
1087 // Set global settings
1088 cx.update(|cx| {
1089 SettingsStore::update_global(cx, |store, cx| {
1090 store.update_user_settings(cx, |settings| {
1091 settings.project.worktree.file_scan_exclusions =
1092 Some(vec!["**/.git".to_string(), "**/node_modules".to_string()]);
1093 settings.project.worktree.private_files =
1094 Some(vec!["**/.env".to_string()].into());
1095 });
1096 });
1097 });
1098
1099 let project = Project::test(
1100 fs.clone(),
1101 [path!("/worktree1").as_ref(), path!("/worktree2").as_ref()],
1102 cx,
1103 )
1104 .await;
1105
1106 // Wait for worktrees to be fully scanned
1107 cx.executor().run_until_parked();
1108
1109 // Search for "secret" - should exclude files based on worktree-specific settings
1110 let result = run_grep_tool(
1111 GrepToolInput {
1112 regex: "secret".to_string(),
1113 include_pattern: None,
1114 offset: 0,
1115 case_sensitive: false,
1116 },
1117 project.clone(),
1118 cx,
1119 )
1120 .await;
1121 let paths = extract_paths_from_results(&result);
1122
1123 // Should find matches in non-private files
1124 assert!(
1125 paths.iter().any(|p| p.contains("main.rs")),
1126 "Should find 'secret' in worktree1/src/main.rs"
1127 );
1128 assert!(
1129 paths.iter().any(|p| p.contains("test.rs")),
1130 "Should find 'secret' in worktree1/tests/test.rs"
1131 );
1132 assert!(
1133 paths.iter().any(|p| p.contains("public.js")),
1134 "Should find 'secret' in worktree2/lib/public.js"
1135 );
1136 assert!(
1137 paths.iter().any(|p| p.contains("README.md")),
1138 "Should find 'secret' in worktree2/docs/README.md"
1139 );
1140
1141 // Should NOT find matches in private/excluded files based on worktree settings
1142 assert!(
1143 !paths.iter().any(|p| p.contains("secret.rs")),
1144 "Should not search in worktree1/src/secret.rs (local private_files)"
1145 );
1146 assert!(
1147 !paths.iter().any(|p| p.contains("fixture.sql")),
1148 "Should not search in worktree1/tests/fixture.sql (local file_scan_exclusions)"
1149 );
1150 assert!(
1151 !paths.iter().any(|p| p.contains("private.js")),
1152 "Should not search in worktree2/lib/private.js (local private_files)"
1153 );
1154 assert!(
1155 !paths.iter().any(|p| p.contains("data.json")),
1156 "Should not search in worktree2/lib/data.json (local private_files)"
1157 );
1158 assert!(
1159 !paths.iter().any(|p| p.contains("internal.md")),
1160 "Should not search in worktree2/docs/internal.md (local file_scan_exclusions)"
1161 );
1162
1163 // Test with `include_pattern` specific to one worktree
1164 let result = run_grep_tool(
1165 GrepToolInput {
1166 regex: "secret".to_string(),
1167 include_pattern: Some("worktree1/**/*.rs".to_string()),
1168 offset: 0,
1169 case_sensitive: false,
1170 },
1171 project.clone(),
1172 cx,
1173 )
1174 .await;
1175
1176 let paths = extract_paths_from_results(&result);
1177
1178 // Should only find matches in worktree1 *.rs files (excluding private ones)
1179 assert!(
1180 paths.iter().any(|p| p.contains("main.rs")),
1181 "Should find match in worktree1/src/main.rs"
1182 );
1183 assert!(
1184 paths.iter().any(|p| p.contains("test.rs")),
1185 "Should find match in worktree1/tests/test.rs"
1186 );
1187 assert!(
1188 !paths.iter().any(|p| p.contains("secret.rs")),
1189 "Should not find match in excluded worktree1/src/secret.rs"
1190 );
1191 assert!(
1192 paths.iter().all(|p| !p.contains("worktree2")),
1193 "Should not find any matches in worktree2"
1194 );
1195 }
1196
1197 // Helper function to extract file paths from grep results
1198 fn extract_paths_from_results(results: &str) -> Vec<String> {
1199 results
1200 .lines()
1201 .filter(|line| line.starts_with("## Matches in "))
1202 .map(|line| {
1203 line.strip_prefix("## Matches in ")
1204 .unwrap()
1205 .trim()
1206 .to_string()
1207 })
1208 .collect()
1209 }
1210}